Agile Sourcing Partners, a company based in Corona, California, appears to have fallen prey to the Conti ransomware group, causing personal financial data and other identifying information maintained by Agile to be released on the dark web.
On its website, Agile states it is in the business of providing integrated solutions in gas and electric utility and infrastructure markets. It has 8 locations nationwide.
On May 16, 2022, we learned that the Conti group had announced a possible data breach of Agile Sourcing Partners’ computer systems, which purportedly took place on April 2, 2022. Details are limited as to the extent of the hack at this time.
The group made 2.67 GB of data openly available on the dark web, representing that this was only 1% of the data the Conti group had taken. The Conti group has been linked to over 1,000 ransomware events.
Companies such as Agile have been made aware for a year to be on the lookout for ransomware attacks from the Conti ransomware group. The FBI issued a Flash Alert about Conti ransomware attacks in May, 2021. On September 22, 2021, a Joint Cybersecurity Advisory was disseminated with details about what red flags indicate a business has been compromised by Conti ransomware, and how attacks can be avoided.
Businesses Should Be Held Accountable For Data Breaches
“With ransomware groups more active than ever, it is vital that companies stay abreast of the latest FBI advisories to avoid falling victim to these schemes and quickly recognize if they have been compromised,” explains April M. Strauss, senior California attorney and Certified Information Privacy Professional. “Vigilantly following best data security practices, employee training, and a commitment to data minimization are essential for any company holding sensitive personal data of consumers or employees.”
When businesses decide to collect and keep personal data about California residents, under California law they take on the obligation to protect that information and keep it safe from hackers, thieves, and other criminals. This personal data is incredibly valuable, both to businesses and to criminals who want to sell that information on the dark web to identity thieves and other black marketeers. The stakes are high: Data breach victims are more likely to also be victims of additional fraud. So “it is clear that many organizations need to sharpen their security skills, trainings, practices, and procedures to properly protect consumers.” K. Harris, former Attorney General, California DOJ, California Data Breach Report 2012-2015 (2016).
California Privacy Laws Protect You
Several laws, including the California Consumer Privacy Act (CCPA), require businesses implement and maintain reasonable security when they collect and keep certain types of personal information. If that sensitive information is unencrypted and accessed, stolen, or hacked because a business failed to exercise reasonable security measures, an affected California resident can sue to protect their rights under the CCPA and other state laws.
If you are a California resident and your data has been compromised, the CCPA provides affected consumers may be entitled to between $100 and $750 or actual damages, whichever is greater.
Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.